An editor takes responsibility for leaked iOS identifiers

Apple’s identifiers published by AntiSec come from editor BlueToad’s servers, with the company admitting to this. The hacking group had previously stated that they found the information on a laptop belonging to the FBI.

The affair surrounding Apple’s revealed UDID’s (Unique Device Identifier) has taken a turn. Following both the FBI’s denials and Apple’s, it has now been unexpectedly announced that the information comes from BlueToad.

Based in Florida, the company has developed iOS applications for numerous magazine editors. On Monday, BlueToad’s CEO indicated that their company has fallen victim to a cyber-attack which consequently lead to the theft of Apple’s identifiers.

Not long after the attack, "an unknown group published these UDIDs on the Internet", states Paul DeHart on a posting made to the BlueToad blog. The publishing of close to a million identifiers is 98% the same as the information taken from BlueToad, a theft authorities are now investigating.

The revelations that BlueToad is behind the information was released at the same time that a security researcher for the Intrepidus Group came to the same conclusion about the origin of the UDID’s.

Last week, the AntiSec hacking group claimed that they had published a million of the 12 million UDID’s they have in their possession. AntiSec created a lot of chaos by claiming that they got their hands on the information via a Java vulnerability that was exploited on an FBI agent’s laptop computer.

The chronology of the events doesn’t fit with BlueToad’s admission, with the company stating that they were a victim of a computer attack two weeks ago. AntiSec indicates that they received the information in March 2012.

BlueToad does state though that they don’t know whether the data comes from their systems. Could they have come from an FBI agent’s computer? BlueToad also estimates that only 2 million entries were compromised in their database. If what they say is true (or at least partly), the AntiSec hackers may still have entries from an unknown source.

With the arrival of iOS 6, new API’s will be introduced which will make the use of UDID irrelevant.